Privacy Policy

Last updated: January 9, 2026

1. Our No-Logs Policy

We do not log, monitor, or store any information about your VPN usage. This includes:

• Websites you visit — We don't know and can't know what sites you access
• Traffic content or data — Your encrypted traffic passes through our servers without inspection
• DNS queries — We don't log what domains you look up
• Connection timestamps — We don't record when you connect or disconnect
• Session duration — We don't track how long you use the VPN
• IP addresses during VPN session — Once connected, your real IP is not logged
• Bandwidth usage — We don't monitor how much data you transfer

This isn't marketing—it's how we've designed our infrastructure. We use post-quantum cryptography (PALISADE protocol) with forward secrecy, ensuring that even if our servers were compromised, past traffic remains unreadable.

2. Information We Do Collect

To operate the service, we collect minimal information:

2.1 Account Information

• Email address — Required for account creation, password resets, and critical service updates
• Account creation date — To manage your subscription

2.2 Payment Information

• Payment processing — Handled by Stripe (a PCI-compliant third party). We never see or store your credit card details
• Subscription status — Active, expired, or canceled (to provide service access)
• Transaction ID — For billing support and refund processing

2.3 Waitlist (Pre-Launch Only)

• Email address — If you join our waitlist, we store your email to notify you when we launch
• Signup timestamp — To track when you joined
• Waitlist data is separate — Your waitlist email is not automatically converted to a customer account. These are separate systems.

2.4 Technical Information (Minimal)

• Device type and OS version — To ensure app compatibility and provide support
• App version — To assist with troubleshooting

Important: This technical information is not tied to your VPN usage. We know what device you registered with, not what you do while connected to the VPN.

3. How We Use Your Information

We use the minimal data we collect only for:

• Account management — Creating and maintaining your account
• Service delivery — Providing VPN access based on subscription status
• Customer support — Responding to your inquiries (only when you contact us)
• Critical service updates — Security notifications, service outages (we won't spam you with marketing)
• Payment processing — Handling subscriptions and refunds
• Legal compliance — If required by law (see Section 7)

We do not: Sell your data, share it with advertisers, use it for marketing analytics, or profile your behavior.

4. Data Security

We protect the minimal data we do collect with:

• Post-quantum encryption — PALISADE protocol using ML-KEM-768 and Dilithium-3
• Forward secrecy — Past traffic remains encrypted even if future keys are compromised
• Encrypted storage — Account data is encrypted at rest
• Secure infrastructure — Regular security audits and hardened servers
• Minimal retention — We delete data when no longer needed

5. Third-Party Services

We use a minimal number of third-party services, chosen for their privacy practices:

• Stripe — Payment processing (PCI-compliant, doesn't share data with us beyond transaction status)
• Email service — For sending account emails (we use privacy-respecting providers)

We do not use: Google Analytics, Facebook Pixel, tracking cookies, advertising networks, or any third-party analytics on our VPN service.

6. Your Rights

You have complete control over your data:

• Access your data — Request a copy of your account information
• Delete your data — Delete your account and all associated information at any time
• Correct your data — Update your email address or other account details
• Export your data — Download your account information
• Opt-out of emails — Unsubscribe from non-essential communications (we'll still send critical service updates)

To exercise these rights, email us at Henry@seraphvpn.com

7. Legal Requests and Transparency

We cannot provide what we don't have. Because we don't log your VPN usage, we cannot provide browsing history, traffic logs, or connection records—even if legally compelled. The most we could provide is account information (email, subscription status) if required by valid legal process.

If we ever receive a legal request for user data, we will:

• Carefully review its validity and scope
• Challenge overly broad or unjustified requests
• Notify affected users unless legally prohibited
• Provide only the minimum information required

8. Data Retention

• Account data — Retained while your account is active
• After account deletion — Permanently deleted within 30 days, except where required for legal/financial compliance (e.g., tax records)
• Waitlist data — Deleted after service launch or upon request
• VPN usage logs — We don't collect them, so there's nothing to retain

9. International Users

SeraphVPN serves users worldwide. If you're outside the United States, your data may be transferred to and processed in the US. We apply the same strict privacy protections regardless of where you're located.

10. Children's Privacy

SeraphVPN is not intended for users under 18. We do not knowingly collect information from children. If you're a parent and believe your child has provided us with information, contact us and we'll delete it.

11. Changes to This Policy

If we make significant changes to this privacy policy, we'll notify you via email and update the "Last updated" date at the top. We'll never reduce your privacy protections without clear notice and your consent.

12. Contact Us

For privacy questions, data requests, or concerns:

• Email: Henry@seraphvpn.com
• Support: henry@seraphvpn.com